Search the Community

I'm having a heck of a time getting my login.php script to work. The form fails to submit whenever I enter the correct 'uname' and 'pass' combo. My Chrome dev / network watcher reports - in red no less - that the post was"cancelled" when that happens. Any bad combination of 'uname' and 'pass' will submit correctly using the 'post' method - but echoes the user error message that they don't match - as it should. What can "cancel" a form submit post after I hit the submit button? Is there some conditional test going on behind the scenes? I have turned off autofill from my password app. The Chrome dev window says the initiator of the submitted post 'cancellation' was "other" (than the script I assume). It only took 9 ms to do it. If I change the password/uname test if (@mysqli_num_rows($r) == 1) { . . . to always test true, the form submit always gets cancelled. And so the code in login.php never gets to test the pass-uname combo itself. That's the strange part. The form never submits and the page does not reload. It's as if some unseen code is triggered by the form submit button to look ahead to see if the uname and pass combo is in the db - and then cancels the submit 'post' if that is the case.. Any help is appreciated. Here's the code but I suspect there's something else going on. <?php // This is the login page for the site. require ('includes/header.html'); require ('config/config.inc.php'); $page_title = 'Login'; if ($_SERVER['REQUEST_METHOD'] == 'POST') { require (MYSQL); echo "MYSQL loaded<br>"; // Validate the user name: if (!empty($_POST['uname'])) { echo "uname passed<br>"; $u = mysqli_real_escape_string ($dbc, $_POST['uname']); echo "var u = $u <br>"; } else { $u = FALSE; echo '<p class="error">You forgot to enter your username!</p>'; } // Validate the password: if (!empty($_POST['pass'])) { echo "pass passed<br>"; $p = mysqli_real_escape_string ($dbc, $_POST['pass']); echo "var p = $p <br>"; } else { $p = FALSE; echo '<p class="error">You forgot to enter your password!</p>'; } if ($u && $p) { echo "everything's OK<br>"; // Query the database: $q = "SELECT ID, ulevel FROM members WHERE (uname='$u' AND pass=('$p')) AND active IS NULL"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); if (@mysqli_num_rows($r) == 1) { echo " A match was made<br>"; // Register the values: $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); mysqli_free_result($r); mysqli_close($dbc); echo "Got here<br>"; // Redirect the user: $url = BASE_URL . 'php-main/memLibrary.php'; echo "url= $url <br>";// Define the URL. ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } else { echo "No pass:uname match!"; // No match was made. echo '<p class="error">Either the username and password entered do not match those on file or you have not yet activated your account.</p>'; } } // end of if (everthing == OK) else // If everything wasn't OK. echo '<p class="error">Please try again.</p>'; mysqli_close($dbc); // In any case } // End of if(srm=='post') conditional ?> <!-- html started in header.html --> <body> <h1>Login</h1> <p>Your browser must allow cookies in order to log in.</p> <form action="login.php" method="post"> <fieldset> <p><b>User Name:</b> <input type="text" name="uname" size="20" autocomplete="off" /></p> <p><b>Password:</b> <input type="password" name="pass" size="20" autocomplete="off" /></p> <div align="center"><input type="submit" name="submit" value="Login" /></div> </fieldset> </form> </body> </html>